You can use any suitable templates available for creating your own QFlow. You can select a template to adopt the QFlow. Let us take one use case; you want to identify the Security Groups allowing IPs other than the allowed IPs defined by your organization. You can directly use the template; you need to select the account and region and click Save. You can customize this template to suit your requirement.
For this QFlow, you can use the Security Group allowing outside IP’s template.
1. Navigate to the QFlows tab > Create QFlow > Using a template.
The QFlow Template is displayed.
You can use the template directly; you need to select the account and region and click Save. You can customize this template to suit your requirement.
Note: Qualys recommends to test and verify the QFlow with a single account and region before applying it to multiple accounts and regions. Once satisfied with the QFlow and outcome, you can deploy the QFlow on multiple accounts and regions.
The account and regions in your subscription are populated while selecting account and region.
- Click Select Account to choose the account from the list, and then click Apply.
- Click Select Region to choose the region from the list, and then click Apply.
You can customize the QFlow as per your need. You can customize variables. You can add global variables and use this value as a reference anywhere in the QFlow using the $wf.variables: <name>
Variable Type |
Description |
Auto |
It automatically determined from the previous value and can be a string, number, boolean, or null. |
Array |
It contains an ordered collection of values. |
Object |
It contains an unordered set of key/value pairs. |
String |
Field type is not determined from the value but is always returned as a string. |
You can perform various actions for the variables, like appending the same field as the earlier one defined in the variable, inserting a new field, or duplicating or removing the existing field.
To know more about the usage of Variables, see Example.
4. Run and check the functionality of the node.4. Run and check the functionality of the node.
It is best practice to check the functionality of individual nodes before running the QFlow.
- Click the three dots at the top right corner of the specific node to get the Run till option for running the QFlow until that specific node.
The status of the running of the QFlow is displayed. The status of the input and output of the node is displayed in green.
You can view the execution history by clicking the icon adjacent to the status for the details of the node’s output.
- Click the icon to view the details of execution details.
For demonstration, we have shown the custom node’s execution history. You can download the JSON file using icon or copy the JSON code in the clipboard using
icon.
Note: Qualys recommends testing and verifying the QFlow with a single account and region before applying it to multiple accounts and regions. Once you are satisfied with the QFlow and outcome, you can deploy the QFlow on multiple accounts and regions.
Once you verify the functioning of your QFlow, you can save the QFlow.
4. To save the QFlow, click Save.
- Select the AWS Accounts and Regions and click Save.
Your QFlow is ready. You can now create user-defined control in the TotalCloud application.
For more information refer to Use QFlow in TotalCloud
Example of VariableExample of Variable
You want to identify the Security Groups that permit IPs other than the allowed IPs defined by your organization in the above example.
You can define a new global variable named Exception that can have an Exception security group from your inventory consisting of specific IPs. So once you have defined that Exception variable, you do not have to add or delete IPs from the group at the node level.
1. Click to insert a new variable, and select Auto.
2. Provide a name (Exception) to the variable and add the group (Exception security group).
You have created a new global variable as an Exception.
If you want to make an exception for this specific group, you can use a filter node to include the new global variable Exception.
3. Click the pencil icon from Custom Node.
4. Click Insert node before and select Filter node from General Nodes.
5. Click the pencil icon from the Filter node.
6. Select Key as $GroupName from the list, the Operator as != and write Value as $wf.variable.Exception.
Note: You are using the global variable defined in step 2.
Now the filter allows the assets defined in the Exception security group. Continue the rest of the procedure using the template as explained above.